Facebook has patched the cross-site scripting (XSS) exploit that made smartphone users make automated wall postings. Earlier, security firm Symantec had identified the worm and alerted Facebook about it.
Symantec said that the worm exploited a vulnerability in the mobile API version of Facebook, which was caused by insufficient Javascript filtering. It said that anyone who is logged into Facebook can pick up the worm without the need for any installation.
"Just visiting an infected website is enough to post a message that the attacker has chosen," Symantec’s Candid Wueest wrote.
"Therefore it should be of no surprise that some of those messages are spreading very fast through Facebook. Some are posting links to infected websites, creating XSS worms that spread from user to user."
The exploit has targeted Indonesian users the most.
